The Highlighter: Securing Cyberspace for the 44th Presidency – Part IV

A Report of the CSIS Commission on Cybersecurity for the 44th Presidency

Part IV includes highlights of:

• Section 3 – Rebuilding Partnership with the Private Sector
  

——————————————————————————————————————————————
CSWW is not affiliated with CSIS or the commission that produced this report. The use of “we,” “our,” “us,” etc., throughout the highlights of this report refers to the members of the CSIS Commission and not to CSWW.
——————————————————————————————————————————————

The Highlights:

3
Rebuilding Partnership with the Private Sector

Recommendation

The U.S. government should rebuild the public-private partnership on cybersecurity to focus on key infrastructures and coordinated preventive and responsive activities. We recommend the president direct the creation of three new groups for partnership that provide the bases for both trust and action:

• A presidential advisory committee organized under the Federal Advisory Committee Act (FACA), with senior representatives from the key cyber infrastructures. This new body would incorporate the National Security and Telecommunications Advisory Committee (NSTAC) and National Infrastructure Advisory Council (NIAC);

• A town hall style national stakeholders’ organization that provides a platform for education and discussion; and

• A new operational organization, the Center for Cybersecurity Operations (CCSO), where public- and private-sector entities can collaborate and share information on critical cybersecurity in a trusted environment.

Securing cyberspace requires government and the private sector to work together.

There is a bifurcation of responsibility (the government must protect national security) and control (it does not manage the asset or provide the function that must be protected).

…the United States has a perplexing array of advisory groups with overlapping interests, inadequate resources, varying capabilities, and a lack of clarity around roles and responsibilities. To achieve real partnership, we must simplify mission and organizational structure.

In many interviews, we found almost universal recognition that the status quo is not meeting the needs of either the government or the private sector with respect to trust and operational collaboration.

Another problem for securing cyberspace is a diffusion of effort. Currently DHS identifies 18 different sectors as critical.

For us, critical means that, if the function or service is disrupted, there is immediate and serious damage to key national functions such as U.S. military capabilities or economic performance.

To focus the defense of cyberspace, we have identified four critical cyber infrastructures: energy, finance, the converging information technology and communications sectors, and government services (including state and municipal governments).

We recommend concentrating on two key problems: how to build trust between the government and company executives and how to focus efforts on what is truly critical for cyberspace.

The primary goal of the new partnership organizations should be to build action-oriented relationships rather than to share information that is either already available or that companies are reluctant to provide. This can be done by creating a simplified structure that has three parts: a new presidential advisory committee that connects the White House to the private-sector entities most important for cyberspace; a national town-hall organization that provides a dialogue for education and discussion, and a new operational organization.

The intent behind the three groups is to provide an inclusive platform for national engagement, something the United States currently lacks.

Trust is the foundation of a successful partnership between government and the private sector.

The President’s Committee for Secure Cyberspace would absorb the National Security and Telecommunications Advisory Committee (NSTAC) and the National Infrastructure Advisory Council (NIAC). It must be limited to C-level membership (not Washington representatives).

Membership would be drawn from the leading companies in the critical cyber infrastructures. The President’s Export Council is a useful precedent for the design of this new group.

What we need is a group of executives from critical cyber infrastructure companies who will interact regularly with senior federal officials in order to create the trust relationships needed for real information exchange and for collaboration in a time of need.

The questions of what to do with the existing advisory bodies is a difficult one. Our recommendation is to prune where possible.

National Town-Hall Group

Our second recommendation, the creation of a new town-hall process, provides a vehicle to involve a broad range of stakeholders. The town-hall meetings held as part of the process of developing the 2003 national cybersecurity strategy attracted large audiences and provided broad exposure to public concerns and government thinking. This new group would be inclusive and provide a platform for general messaging, information sharing, and stakeholder input. It would include companies and associations in the 18 sectors DHS identifies as critical, other industries, consumer groups, and trade associations. Its goal would be to build public awareness through town-hall meetings and to create opportunities for new relationships.

Center for Cybersecurity Operations

Finally, we recommend the creation of a new organization to the address operational issues. We call this the Center for Cybersecurity Operations (CCSO), a new nonprofit organization where public- and private-sector entities can collaborate and share information on critical cybersecurity matters in a trusted environment. The CCSO would be guided by a board of directors consisting of cybersecurity leaders from government, industry, and academia.

The mission of the CCSO will be to address operational issues that affect critical cyber infrastructure.

————————————————————————————————————————-

Coming soon…

The Highlighter: Securing Cyberspace for the 44th Presidency – Part V

Section 4 – Regulate for Cybersecurity

————————————————————————————————————————-

Read the full CSIS report
About The Highlighter
The Highlighter: Securing Cyberspace for the 44th Presidency – Part I
The Highlighter: Security Cyberspace for the 44th Presidency – Part II
The Highlighter: Securing Cyberspace for the 44th Presidency – Part III

Filed under: Analysis, Business, cyber security, cyber war, Doctrine, government, History, Intelligence Community, Internet, Life, Military, News, Policy, Politics, Polls, Strategy, Technology, Terrorism, The Highlighter, Training, War, CCSO, collaboration, convergence, converging technologies, CSIS, cyber security, cyber space, DHS, energy, FACA, finance, information technology, key infrastructures, National Security, NIAC, NSTAC, presidential advisory committee, private sector, recommendations, town hall, United States, US Government, US military, US president, White House